Research About Security Realization For Semantic XML Based On RBAC

XML is a new technology for information exchange, storage and access. Some mechanisms are needed to protected sensitive information stored in XML documents, and access control is one of the mechanisms. But nowadays most of XML access control models only give access control to single element/attribute, while not considering the semantic relationship among elements/attributes.The semantic relationship among elements/attributes on XML documents means user has access right on some elements/attributes,but he can't get them all.Based on the analysis and research on above-mentioned background, we design and realize one semantic XML access control model based on RBAC. Our model expand RBAC so that it not only can give access control to single element/attribute(simple security object) but alse to semantic relationships among XML elements/attributes within one document(association security object), According to this ,we define simple security rule and association security rule. The access control granularity is multi-granularity that means we not only give priority on DTD document but alsogive priority on some element/attribute within the document.A model about security control on semantic XML documents based on RBAC is given. Our system mianly include query dealt module and security check module. Query dealt module mainly anlysis and check the query statement to solve the problem that the user maybe combine information he has known and it can escape security check which can cause information leaking. Security check module check user request data using simple security rule and association security rule. through selective storing user history records we decrease the stored data, and we use XML key value to record the XML elements/attributes in order to ensure the exclusive of the elements/attributes.At last, we give example to show how the system arrive the aim that protect the semantic XML documents, and anlasys the factors influence system response time,which include documents size, the quality of simple security rules and association security rules.